Skip to content

[pull] master from sqlmapproject:master #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 1 commit into from
Oct 17, 2025
Merged

[pull] master from sqlmapproject:master #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions data/txt/sha256sums.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserv
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py
216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00 lib/core/agent.py
fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0 lib/core/bigarray.py
e3b8f8cf9607d12f3de5e6bcd5031f21f50d4b331844b8e921493dfde2efe0f7 lib/core/common.py
5b21bafe2eb07466d9751f4d80b21f256d5ffb1bb5a9639f91c09a43ec3fec87 lib/core/common.py
d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py
ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a lib/core/convert.py
ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py
Expand All @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl
d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py
1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py
d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py
e6660a4a17b40a89ac9633c1091130fa47a8f9ee2eb17cb5564a9edc4e6a9202 lib/core/settings.py
44c63e38d0867e3040da84dade0318ee5e1da7f72f69396c0cbbda2383c07f80 lib/core/settings.py
1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py
4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py
cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py
Expand Down Expand Up @@ -230,7 +230,7 @@ eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267 lib/request/pk
479cf4a9c0733ba62bfa764e465a59277d21661647304fa10f6f80bf6ecc518b lib/takeover/udf.py
08270a96d51339f628683bce58ee53c209d3c88a64be39444be5e2f9d98c0944 lib/takeover/web.py
d40d5d1596d975b4ff258a70ad084accfcf445421b08dcf010d36986895e56cb lib/takeover/xp_cmdshell.py
3a355d277fa558c90fa040b3a02b99690671bf99a7a4ffb20a9a45878b09ab5e lib/techniques/blind/inference.py
3056ebf295e8f1a251723ddd9cd2e008e71269d3c53c8b3e96f8ebbf73d4c137 lib/techniques/blind/inference.py
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/blind/__init__.py
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/dns/__init__.py
d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd lib/techniques/dns/test.py
Expand Down
20 changes: 10 additions & 10 deletions lib/core/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2204,19 +2204,19 @@ def safeStringFormat(format_, params):
while True:
match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
if match:
if count >= len(params):
warnMsg = "wrong number of parameters during string formatting. "
warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
raise SqlmapValueException(warnMsg)
else:
try:
retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)
except re.error:
retVal = retVal.replace(match.group(0), match.group(0) % params[count], 1)
count += 1
try:
retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count % len(params)], retVal, 1)
except re.error:
retVal = retVal.replace(match.group(0), match.group(0) % params[count % len(params)], 1)
count += 1
else:
break

if count > len(params) and count % len(params):
warnMsg = "wrong number of parameters during string formatting. "
warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
raise SqlmapValueException(warnMsg)

retVal = getText(retVal).replace(PARAMETER_PERCENTAGE_MARKER, '%')

return retVal
Expand Down
2 changes: 1 addition & 1 deletion lib/core/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
from thirdparty import six

# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.9.10.1"
VERSION = "1.9.10.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
Expand Down
2 changes: 1 addition & 1 deletion lib/techniques/blind/inference.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ def tryHint(idx):
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
forgedPayload = agent.extractPayload(payload) or ""
forgedPayload = forgedPayload.replace(markingValue, unescapedCharValue)
forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue))
forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx))
result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False)
incrementCounter(getTechnique())

Expand Down